On Feb. 23, the University of Rhode Island sent out an email on the behalf of their Information Security Office regarding a spear phishing threat.
Phishing is an electronic communications scam in which, in an attempt to trick targets into divulging personal information—such as usernames, passwords, credit card information and/or other forms of identity—scammers send out emails impersonating a trustworthy company requesting information. Spear phishing is a more tactful approach, wherein the sender combines methods such as user segmentation, email personalization, sender impersonation and other techniques to bypass email filters and create a more solid identity for themselves in order to gain trust easily.
The Information Security Office has recently learned of a new spear phishing attack targeting URI server users, in an attempt to have URI students divulge tax information. The spear phishers are requesting W2s, with the email subject line reading “URGENT REQUEST.†A standard W2 contains one’s name, address, employee identification number and one’s social security number.
The email warns that “in the event that you receive a message fitting this description, close the message immediately and mark it as either junk or spam with your email client.†It is important that you do not reply to these emails and especially do not send them your W2 or any personal information.
URI’s email server is protected against dangerous viruses and spam by the Google Message Security service. However, the university encourages students to use caution in the case that some spam may occasionally get through to students’ inboxes or diverted into spam folders.